January 17, 2017

Netsurion and EventTracker Global CISO John Christly has been named to the Payment Card Industry Security Standards Council (PCI SSC) Small Merchant Task Force. As a seasoned IT security professional, Christly will serve as a voice for SMBs and multi-location merchants to help make PCI compliance even more achievable and payment data even more secure. Netsurion is a leading provider of managed data and network security services for multi-location businesses, and its subsidiary EventTracker is an innovator in security information and event management (SIEM) technology.

SMB retailers vary from small operations with one or a few locations, to larger entities with many edge locations, such as franchises or branch offices. The dispersed nature of their businesses can create security gaps and challenges, leaving them vulnerable to data breaches. Operating remotely with minimal IT budgets and internal resources, they often cannot fortify their payment systems on their own—let alone efficiently gain and maintain their PCI compliance.

These types of small, remote franchise locations present a huge risk to leading brands across the retail, restaurant, and hotel sectors. Reputational damage and revenue loss from breach news going public impact the individual edge locations, as well as the corporate brand on a national or global scale. Clearly, more needs to be done to improve security at each and every location under the brand umbrella.

According to the 2016 Verizon Data Breach Investigations Report, “remote attacks against the environments where card-present retail transactions are conducted” resulted in 534 total incidents, of which 525 had confirmed data disclosure.

The Small Merchant Task Force is a dedicated global effort to help improve payment data security for small businesses. Co-chaired by Barclaycard and the National Restaurant Association (NRA), the task force collaborates on guidance and resources that simplify data security and PCI Data Security Standard (PCI DSS) compliance for some of the most vulnerable businesses preyed upon by cybercriminals.

The task force relies on cross-industry expertise to develop resources that help small merchants understand why and how to protect payment card data and resolve risks to their businesses. Specifically, the group provides:

  • Best Practices: Recommendations on what is needed to protect the payment environment, including working with security assessors, vendors, and service providers
  • Simplified Guidance: Easy-to-understand content and resources unique to small business needs that will help them take advantage of PCI best practices, standards, training programs, and solutions
  • Market Insight: Ongoing input to PCI Council on current trends, issues, and concerns for small merchants

Christly has more than 25 years of experience in technical and cybersecurity-related operational, project, and program management, as well as industry regulations including PCI DSS, HIPAA, HITECH, and more. He formerly served as the CISO and HIPAA security officer for Nova Southeastern University in Florida and was the co-founder and CEO for OMC Systems, a Florida-based cybersecurity advisory firm.

According to Christly, “All businesses, even small merchants, need to be able to quickly detect and prevent threats from causing massive damage to their networks and systems, by monitoring and protecting all of their endpoints. A managed firewall is essential but no longer a significant enough barrier on its own. Risk mitigation has become crucial, including monitoring outbound traffic for exfiltrating data.”

He currently leads cybersecurity and compliance efforts for Netsurion and EventTracker, providing support to in-house corporate teams, customers, and partners. This post enables him to consistently gain insights into small merchant compliance pains and needs, making him a valuable addition to the task force.

“Both Netsurion and EventTracker have fingers on the pulse of many SMB operations and their compliance needs, so we understand the struggles that they go through,” said Kevin Watson, CEO of Netsurion. “We are honored that John is representing our companies within the group and helping to shape the PCI standard to better meet the needs of our customers and small merchants everywhere.”

“On every device, computer and network there are new methods thieves are creating to steal data from companies around the world, and smaller businesses are particularly at risk,” said PCI SSC International Director Jeremy King. “Having a group that is focused on this specific challenge is a critical part of our work to increase security awareness and defend against breaches globally. It’s great to have Netsurion and EventTracker, and a wide variety of industries and geographies on board, and we look forward to working together to better protect small businesses.”

For more information on the PCI SSC Small Merchant Task Force, please visit https://www.pcisecuritystandards.org/pci_security/small_merchant.

Tweet this: .@Christly, CISO of @Netsurion + EventTracker (@logtalk) named to #PCISMB Task Force http://bit.ly/2iuKDBE #SMB #security

About Netsurion
Netsurion® delivers an adaptive managed security solution that integrates our XDR platform with your existing security investments and technology stack, easily scaling to fit your business needs. Netsurion's managed offering includes our 24x7 SOC that operates as your trusted cybersecurity partner, working closely with your IT team to strengthen your cybersecurity posture. Our solution delivers Managed Threat Protection so you can confidently focus on your core business.

Headquartered in Ft. Lauderdale, FL with a global team of security analysts and engineers, Netsurion is a leader in Managed Extended Detection & Response (MXDR). Learn more at netsurion.com.

Media Contact
Sherlyn Rijos
Montner Tech PR
srijos@montner.com

This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our Privacy Statement to learn more.

I Accept